The practice of using the Internet, which is accessible throughout the world, 
as a comprehensive information network as well as for ordering or making use of 
products or services which are made available on it is known. 

The processing of the actual payment transaction after the order, i.e., after 
the initiation of the payment procedure, is problematic. 

Singleton, Cash on the Wirehead, BYTE, page 71, volume 20, No. 6, dated 
June 1995, discloses a number of payment processing methods which are all based 
on a credit card system and in which various methods are applied for the encrypted 
transmission of data. 

It also already has been proposed to additionally secure the authorization of 
a payment by making a supplementary confirmation by telephone necessary. 

US 5,794,221 discloses a payment method using the Internet. In this 
publication, first an agreement is made between an Internet provider and the 
customer and then a corresponding provision is specified between the provider and 
the seller or service provider. The provider declares in this agreement that he/she 
will invoice the customer and accept responsibility for the settlement of payments 
with , the seller or service provider. The provider himself/herself provides network . 
access for the customer. The transaction information between the seller and 
customer is supplied simultaneously to the provider, which then performs the 
corresponding activities such as invoicing and passing on the received payment. 
The provider is paid for the use of the provider's services. 

In the previously known solution it became apparent that it was an 
advantage if it was not necessary for the customer to have to communicate his/her 
account number or similar personal data to the seller, thus preventing an undesired 
temporary presence of this data set on the Internet which is virtually impossible to 
control. 

However, it has become evident that in a method according to 
US 5,794,221, disadvantages occur in that the provider has to intervene actively 
into the proceedings relating to the invoicing and settlement of payment. 
Furthermore, it is necessary for the customer to be identified with respect to the 



provider, during which process it is not possible to prevent third parties being able 
to read and to make fraudulent use of this sensitive data about the provider. 

In view of the above, an object of the present invention is to disclose a 
method and an apparatus for electronically processing purchasing and sales 
5 transactions, which is referred to as electronic commerce, using public 

communications networks, in particular the Internet, the intention being to increase 
security when accessing a network and making use of services via the network 
1*3 without having to impose security-related functions on the network provider. 

!J! SUMMARY OF THE INVENTION 

f f 'i 1 0 The basic idea of the present invention consists, accordingly, in ordering 

goods and/or services via the Internet starting from a terminal which is capable of 
communication and has a display or monitor, in particular a personal computer, via 
an access node, and electronically paying for these goods and/or services, the 
terminal which is capable of communication processing the order data transfer via a 
1 5 switching office. 

After confirmation of the order, the access to the Internet starting from the 
switching office is at least briefly interrupted and a menuTprompted billing access 
to the switching office of the telecommunications network operator is set and/or set 
up. With the menu-prompted billing procedure, it is then possible to register, with 
20 respect to billing, the order within the respective telephone account file relating to 
the terminal, and later settle payment via the customary processing of the services 
for the use of the telecommunications network. 

It is a defining feature that before the order data or billing data is registered 
in the telephone account file, a PIN (Personal Identification Number) input together 
25 with an authenticity check is carried out. 

As a result of the at least brief disabling of the access between the Internet 
and the switching office, unauthorized access for a third party which has monitored 
the ordering process can be prevented. Of course, it is also possible to allow the 
link to exist online and block external access only within the framework which is 
30 referred to as a firewall function. 
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The order data and billing data are then stored, for example, in a separate 
memory area of the telephone account file, it then being possible to register 
supplementary data such as information on the date and/or the specific type of 
goods or service. 

5 The order data and billing data can be stored in coded form. It is also 

conceivable to provide for the data to be output on a customary telephone bill in 
encrypted form; for example, by reference to product or services codes. 
O Confirmation protocols, which are transferred to the service provider via the 

. p Internet in a fashion known per se are created in an automated fashion from the 

Jfj 10 registered and stored order data and billing data. The confirmation protocols do 

W not, however, contain any security-related information; for example, the PIN, a 

1 - j credit card account number or the like. 

A data link is established to the telephone data-registering computer, which 
l-J is generally located in the switching office, is established in the respective 

§y 1 5 switching office after a menu item has been called and authenticated via the 

personal computer. It is possible also to activate the menu during the online state of 
the personal computer and access the Internet so that the user is capable, even when 
accessing a homepage of a service provider, to activate a menu bar and/or open the 
appropriate menu in order to, if desired, bring about the payment processing, during 
20 which care is automatically taken to ensure that the Internet access is interrupted or 
the firewall protection measure is activated at the relevant moment. 

In order to increase security, the order data is firstly loaded onto the 
terminal, namely the personal computer, via the Internet, and the order is registered 
at the service provider end. Then, in a separate link, the set of billing data 
25 associated with the order is transmitted from the terminal of the memory to the 

switching office and registered there in a debit file after authenticity checking. The 
registration of the accounts receivable is then transferred to the service provider 
together with an identifier as a confirmation. 

At the device end, a terminal which is capable of communication and has a 
30 display (personal computer) is provided for carrying out the method, the terminal 
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being connected to a switching office via the telephone network. The switching 
office sets up access to an Internet access computer (provider) via an appropriate 
data line. 

The switching office contains an internode module, the internode module 
5 converting incoming telephone data when data is transferred between the Internet 
access computer and the terminal into a format which is suitable for display on, or 
storage in, the personal computer or terminal, but also transforming data records 
derived from the Internet data transfer into a switching-office format. The 
*J3 internode module creates, as it were, a symbiosis between telephone traffic and 

y 

Hj 10 digital data transfer. 

: Additional features and advantages of the present invention are described in, 

Id and will be apparent from, the following Detailed Description of the Invention and 

Figures. 

BRIEF DESCRIPTON OF THE FIGURES 
W 15 Figure 1 shows a basic view of the access to the Internet starting from a 

M 

§*j personal computer in connection with the teachings of the present invention. 

- DETAILED DESCRIPTION OF THE INVENTION 

The terminal, in particular a PC 1 , is connected to the public telephone 
network via a suitable modem or an interface. In the relevant supply area, at least 
20 one switching office 3 is provided which both sets up call-number-selected links 
and registers call times for later billing. 

A link is established via the switching office 3 to an Internet access 
computer 4 which is operated by what is referred to as a provider. 

The Internet access provider 4 then permits access to the Internet which is 
25 illustrated symbolically by the reference symbol 5. 

In the switching office there is an internode module 6 which makes it 
possible for services of conventional telephone systems to be provided with the 
possibilities of Internet-enabled personal computers. The internode makes it 
possible for network operators and users to use their existing infrastructure such as 
30 leads or switching systems in a systematic fashion for the World Wide Web. 
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In particular, in the exemplary embodiment, the order data transfer is 
processed via the switching office when Internet services are made use of. Such 
use can be, for example, the ordering of goods or services. 

After confirmation of the order, the access from the switching office 3 via 
5 the access computer 4, or the access to the Internet, is briefly interrupted or disabled 
for incoming data in order to optimize security. In the personal computer 1 , a 
menu-prompted billing access to the switching office 3 is then established and/or 
set up in order then to register, with respect to billing, the order within a 
corresponding terminal-related telephone account file or to process payment via the 

W 10 customary processing of the services for the use of the telecommunications 

N 

iy networks; for example, the call data registration. 

f;{ Of course, for reasons of security, it is also expedient here to carry out 

a authenticity checking of the user with respect to the personal computer by, for 

I'D 

fl j example, inputting and interrogating a PIN. Furthermore, for later verification 

15 purposes, the order data and billing data should be stored in a separate memory area 



W of the telephone account file in the switching office or in a computer located there. 

The user who has made use of the Internet service via the personal computer 
1, then receives, for example with his/her monthly telephone bill, a request to pay 
for the goods ordered or services provided. 

20 In the method described, the possibility of personal data such as credit card 

numbers, account information or the like being conducted over the Internet is ruled 
out. The particular problem with the Internet is that data and information are held 
and buffered for a relatively long time on various node computers, and also at the 
providers, and that as a result of the channeling of a multiplicity of information 

25 there is always the risk of third parties interrogating data in a selected fashion and 
making fraudulent use of it. 

The order data and billing data which are stored in the switching office 3 or 
a computer located there are then used for automatically creating a confirmation 
protocol which is communicated to the service provider via the Internet. This 

30 communication can take place directly after the order but also at times of little 
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traffic so that only low supplementary costs are incurred for the operator of the 
public telephone network 2. 

In a further exemplary embodiment, a menu item or a menu is activated by 
the personal computer 1 after the call and authentication confirmation, and a link is 
established to the switching office; i.e., a data link to the telephone data-registering 
computer. Of course, the menu also can be activated during the online state of the 
personal computer and instantaneous access to the Internet, the transmission of 
order data with the consequent production of billing data being, however, not 
performed until after the Internet link has been disconnected. 

To do this, the order data first can be loaded onto the personal computer 1 
over the Internet, and the order registered at the service provider end. The billing 
data associated with the order is then transmitted, with a separate link, from the 
personal computer 1 to the switching office 3 and registered in a debit file after 
further authenticity checking. The confirmation of the accounts receivable 
registration with the service provider via an identifier is also carried out separately. 

The switching-office-end operator, for example the telephone company, 
performs the settlement of the payment to the service provider or supplier after 
receipt of payment has been indicated. 

The present solution provides the advantage that security-related personal 
data no longer has to be transferred over the public Internet, providing significant 
advantages in terms of security during payment transactions and the trust of users 
and customers in the payment system. 

Although the present invention has been described with reference to specific 
embodiments, those of skill in the art will recognize that changes may be made 
thereto without departing from the spirit and scope of the invention as set forth in 
the hereafter appended claims. 



